Anthropic's Claude Mythos Preview has become the first AI model to pass all cyberattack simulations from Britain's AI Security Institute, marking a dramatic acceleration in AI offensive capabilities.
The UK agency has revised its timeline estimates twice in rapid succession. Initial projections put AI cyber capability doubling at eight months. That shrank to 4.7 months. Now Mythos and OpenAI's GPT-5.5 have overtaken even the accelerated forecast.
The benchmark tests AISI's attack simulations across multiple security scenarios. Mythos cleared every one. This isn't theoretical—the institute evaluates models against real-world exploit techniques and vulnerability discovery tasks. Passing all simulations means Mythos can reliably identify security gaps and execute attacks that current defenses struggle to counter.
Logan Graham, Anthropic's head of red teaming, underscore the pace of change with a blunt warning: "Within a year, Mythos will probably look quite dumb." The statement reflects genuine uncertainty about capability trajectories. If current doubling rates hold, next-generation models will outpace Mythos in offensive security tasks far faster than previous AI benchmarks suggested.
This creates a dual problem. First, it compresses the window for defensive security measures. Organizations typically need 18 to 24 months to patch vulnerabilities at scale. If AI-assisted attacks accelerate beyond that timeline, defense becomes reactive rather than preventive. Second, it forces government agencies to accelerate their own testing cycles just to keep evaluation benchmarks relevant.
The AISI benchmark serves as a public accountability measure. By publishing results, Britain's safety agency creates pressure on labs to deploy responsible safeguards. But Mythos clearing all tests also validates the institute's approach—the benchmarks identify real capability boundaries worth measuring.
The underlying technical challenge remains unchanged: offensive and defensive AI